[dns-operations] service.gov.scot erroneous NXDOMAIN from "scot" auth servers

Viktor Dukhovni ietf-dane at dukhovni.org
Tue Jun 20 12:29:44 UTC 2023


On Tue, Jun 20, 2023 at 01:36:10PM +0200, CORE DNS Support Team wrote:

> > The gov.scot zone is unsigned, with "service.gov.scot" as a subdomain,
> > but "DS" queries for "service.gov.scot" incorrectly elicit NXDOMAIN,
> > rather than NODATA responses from the "scot" auth servers.
> > 
> >      $ dig -t ds service.gov.scot @anycast9.irondns.net +norecur +nocmd +noall +nostats +comment +noedns
> >      ;; Got answer:
> >      ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22729
> >      ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> 
> The answer is indeed not correct. We will investigate the problem and
> fix it in the next days.

Thanks, that's great.

> However, since anycast9 is only responsible for scot and not for
> gov.scot, I believe the desired answer is a delegation to the name
> servers of gov.scot, and not, as you wrote, a "NODATA" response.

Yes, more precisely a delegation is the expected response, ultimately
(from gov.scot) the response will be NODATA (neither gov.scot, nor
service.gov.scot are signed).

-- 
    Viktor.


More information about the dns-operations mailing list